Return-Path: owner-new-httpd
Received: by taz.hyperreal.com (8.6.12/8.6.5) id MAA14657;
 Wed, 2 Aug 1995 12:41:15 -0700
Received: from life.ai.mit.edu by taz.hyperreal.com (8.6.12/8.6.5) with SMTP
 id MAA14650; Wed, 2 Aug 1995 12:41:09 -0700
Received: from volterra (volterra.ai.mit.edu) by life.ai.mit.edu (4.1/AI-4.10)
 for new-httpd@hyperreal.com id AA15251; Wed, 2 Aug 95 15:41:00 EDT
From: rst@ai.mit.edu (Robert S. Thau)
Received: by volterra (4.1/AI-4.10) id AA25546; Wed, 2 Aug 95 15:40:56 EDT
Date: Wed, 2 Aug 95 15:40:56 EDT
Message-Id: <9508021940.AA25546@volterra>
To: new-httpd@hyperreal.com
Subject: Re:  my scoreboard file is world writeable
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

Hmmm... the only way I can think of to provoke a full-scale fork bomb
is to keep zeroing out the file, which will cause the root process to
think that there aren't enough free servers running and fork off more...
NB that you have to write on the *same* scoreboard file which the root
server opened, since it is not continually reopening it.  So, if the
attacker has write permission on the scoreboard, this is a problem; if
not, not --- and if the scoreboard isn't publically writable, then an
attacker who could write it could probably run the fork bomb themselves
anyway.  (Come to think of it, that covers a lot of these scenarios).

rst